Host Operating System Selection Wiki Page Discussion

I do. I’m just not a fanatic.

Yes, I do. I’ve acknowledged Windows’ privacy issues many times before.

Because they are 2 separate things.

That’s not true at all. Most experts acknowledge that Linux is decades behind Windows. RMS is also hardly a security expert.

This is just bullshit and you’re putting words in my mouth. I never said software being proprietary made it more secure. You made that up.

Windows is more secure than Linux, not because it’s proprietary, but because of all its work on exploit mitigations, sandboxing etc.

I care about those too. I just don’t spread misinformation about them.

They aren’t just my views. They’re the views of anyone experienced in the industry.

They also aren’t really views but real facts.

You’re the one who needs to educate yourself. I already am educated.

Well, I have respect for both of your views and contributions since you’ve both done a shitload of work/improvements for the Whonix project over a long period.

I think this is a case where it’s better to agree to disagree. This same (heated) discussion is already seen in thousands of articles/forums across the net already.

Coming back to madaidan’s original point - I do think that the Host Operating System Selection page could do with a clean up / more objective references in general. I don’t like how it is formatted at present - it is more than a little ‘preachy’ and does rely heavily on the FSF info.

I have looked around briefly for objective, solid resources for the Linux v Windows comparison re: security (I think we have a solid handle on the privacy issues already), but it’s hard to find good, modern, scientific material doing a thorough comparison. Ditto if we had a better Linux vs macOS comparison.

If you have some good references to share, we can do up a reasonable security comparison table with entries like sandboxing, root vs non-root accounts and a thousand other things.

I suspect that Windows/macOS will look very good on that comparison, but as already noted by other commentators, it will not necessarily change the recommendation to avoid the Windows platform due to points already outlined in this thread (I’m not going there; have better things to do :slight_smile: )

PS Re: Rutkowska’s GUI isolation article - another reason to use Qubes. I’m very surprised that just over 30K still use it in this day and age, given all the known benefits (including yourself?). If I am a bad guy and monitor the Whonix forums - extremely likely - contributors are the first people I track/screw with. Anybody who has contributed to Whonix for years will normally announce strange behaviour of their laptop or desktop from time to time, which I have no doubt relates to advanced adversaries.

Luckily I just don’t give a shit. :slight_smile:

PPS @Patrick http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=Logging_in_to_captive_portals&oldid=52287&diff=cur

3 Likes

I agree. Most content is just the same “linux is super duper secure” echo chambers written by non-experts. Daniel Micay has talked a lot about it but he hasn’t made a very thorough comparison AFAIK.

I’d say macOS trumps both Linux and Windows in terms of security. For example, it has proper verified boot unlike the theater in Windows/some Linux distros.

I can write something up if you’d like. I really like researching OS security.

Sadly, no since my hardware is too bad for Qubes.

Has there been any real cases of this?

1 Like

it is more than a little ‘preachy’ and does rely heavily on the FSF info

It is, and you have to call ppl to use this or that anyway. We can’t be in the
middle between good and evil, that’s hypocrisy. We should always choose
the good side or at least do our best to reach that.

Any good quality quotes or improvements can be added to the wiki as well,
why not, but not in order to make a proprietary OS look nice and okay
as an option to be used. It’s up to the user anyway what he will choose
to install on his machine, but from our side we do the good part, which is to
give warnings and show the danger of choosing a proprietary OS, and in the
end it’s up to the user to decide which OS he takes.

Correction: GNU documentation, not FSF.

Well, I have respect for both of your views and contributions since
you’ve both done a shitload of work/improvements for the Whonix project
over a long period.

Thank you, and you have done a lot as well. I’m glad to be with great
quality contributors over here.

1 Like

That would be great if you could spare the time :slight_smile:

Don’t let wiki stuff detract from your code contributions though, which have been great. (And yes, we should probably separate out User Freedoms as a distinct issue.)

Actually my bad (probable hyperbole/misattribution). I think the actual case is if you live in a jurisdiction hostile to Tor/encryption like mine and spend a lot of time using these tools, you just get attacked from time to time (sometimes obvious in the impacts - could be purposeful harassment or an amateur). Whonix is probably just the side issue i.e. have spent too much time hanging around here in recent years.

I think maybe it is fair to say something in the Intro to that page like:

There are two primary trains of thought with respect to security and privacy when deciding upon a host operating system.

Many GNU/Linux enthusiasts insist that where strong privacy is the end goal, trust cannot be placed in unauditable proprietary operating systems, even if an objective analysis of security features suggests they provide stronger protection against potential exploitation. The reason is a host of anti-features such as advanced telemetry can be classified as built-in spyware that greatly undermine the privacy objective and seriously compromise user freedoms. Further, off-the-shelf malware more often targets proprietary operating systems due to their mass adoption; the corollary is open source options may therefore reduce the risk of exploitation by weaker adversaries (admittedly experts generally state “security via obscurity” is a weak security principle to adopt). [ref]For instance, it is a logical fallacy to state that since few public exploits exist against OpenBSD, it is a more secure platform.[/ref]

The counter argument is proprietary operating systems like Windows 10 and macOS have invested billions of dollars and millions of developer hours into significantly hardening their platforms over the past two decades (see Table X). [ref]In Windows’ case, over 45,000 developers are engaged in 2020.[/ref] This has meant Windows has modern mitigations like Control-Flow Integrity that are simply not available in popular Linux platforms, nor likely in the near future. Further, the ‘many eyes’ theory suggests that Windows and macOS are far less likely to suffer from legacy code issues that may pose catastrophic security weaknesses. Since privacy is built upon the security foundation, it is simplistic to state open source OSes are superior in all regards.

On the balance, objective evidence and disclosures suggest popular proprietary OSes have better security than Linux and BSD variants, but strongly embedded telemetry features which are injurious to privacy. In the case of open source OSes, they have maximal user freedoms and virtually non-existent telemetry, but greater security weaknesses.

It is for this reason operating systems like Qubes OS are gaining increasing attention as a potentially better, third alternative. In this configuration Whonix runs on top of Qubes inside virtual machines (VMs), just like any other OS on the same platform (Fedora, Debian, Arch Linux and so on). The Qubes bare-metal hypervisor is based on Xen and Fedora. Via hardware support like VT-x, VT-d and TXT, Qubes has implemented a strict security-by-isolation architecture. Hardware controllers and multiple user domains (qubes) are isolated using separate VMs that are explicitly assigned different levels of trust, yet the desktop experience is user-friendly and well-integrated. In summary, Qubes provides both strict security mechanisms and remains completely free of a reliance upon proprietary software.

:blush:

1 Like

A comparison Windows vs Linux similar to

could be a rabbit hole. See this wiki page:

and how big a discussion was created from that:

True - but if madaidan does a succinct summary, wouldn’t hurt to drop it in a table so at least we have some objective info. But I agree, we don’t want it to turn into a monster like that other page.

PS Check out the SSH page improvements (thanks to that contributor :slight_smile: - I tidied it up a bit)

2 Likes

How is Host Operating System Selection - Whonix?

1 Like

That looks good to me - short, sweet, not overstated like before. It still highlights Windoze is a privacy nightmare, which is the main point we need to get across.

The old (existing) version is too verbose and comes across as unbalanced (plus repetitive).

1 Like

Not trivial to review. Were any points removed or just rewritten neutrally?

It is mostly cutting out big, repetitive sections & some contentious claims (or interpretations), along with more neutral wording. On the whole, probably better balanced.

I think we did well over the years cutting anything where claims were ‘out there’. This page probably falls into that category, and I did cringe a bit reading it in the past (admittedly I originally added a lot of that FSF information).

2 Likes

On second view not that hard to review though.

Template:Windows Hosts: Difference between revisions - Whonix has mostly deletions.

For example this was removed without replacement:

Windows 8 has a backdoor for [https://www.computerworld.com/article/2500036/desktop-apps/microsoft--we-can-remotely-delete-windows-8-apps.html remotely deleting applications] from the computer.

Why?

old:

* When Microsoft realized it had accidentally allowed GNU/Linux to be installed on RT tablets, it quickly [Microsoft silently kills dev backdoor that boots Linux on locked-down Windows RT slabs “fixed the error”] to prevent the use of other operating systems.

new:

This was a good rewrite.

More correct, neutral rewrites are OK but other points should only be deleted if these are invalid.

1 Like

It’s not an issue. Microsoft can remove apps from the Windows Store which is obvious since it’s their server. It’s like criticizing Debian for being able to control their own repos - it doesn’t make sense. It only becomes an issue when it’s used to censor legitimate content which there hasn’t been a case of AFAIK.

Calling it a “backdoor” is a bit much.

Agreed - both Microsoft and Debian can remove software but this is different.

Windows 8 has a backdoor for [https://www.computerworld.com/article/2500036/desktop-apps/microsoft--we-can-remotely-delete-windows-8-apps.html remotely deleting applications] from the computer.

remotely is the keyword here. Debian has never and has no mechanism to remote delete applications without the user running APT - which would then inform beforehand what it is going to do.

remotely meaning: microsoft starting the action.

APT could remove a package too (sometimes packages are renamed), but the user has to start the action, and can abort any time. Never in its history has Debian enforced any software removal. Well, except maybe the situation “if you don’t do X, then you can’t upgrade” (I don’t know any specific examples). But no forced removal triggered from a Debian remote server that results in changes on the local user disk.

There are also tons of other deletions of bullet points. Please quote and explain why these would not be applicable. If these are still applicable but wrongly worded, please reword instead of deleting.

It’s cleaning up apps that have been removed from the Windows Store from the user’s PCs. Microsoft can’t just delete random apps willy nilly. You can still use whatever .exe you want and Microsoft can’t remove that. It’s only for apps that have been removed from the Windows Store and this has only ever been used to remove malware. If you want to install the removed software, you can still fetch the .exe and install it.

Microsoft has backdoored its disk encryption [archive].

This backed up your keys and was always optional so it isn’t an issue.

Windows 10 S was always optional and is good for security since everything is audited and sandboxed.

The German government does not trust that Windows 8 and the Trusted Platform Module (TPM) v2.0 is not a backdoored combination [archive].

The only source for this is some random deleted blog spreading FUD with 0 evidence.

Windows Insecurity
Adversary Collaboration
Enforced Upgrades

Already covered.

Gotta love how Windows is criticized for being “a pile of legacy code full of security holes” yet also criticized for not supporting legacy code full of security holes.

Windows Interference

These aren’t relevant to privacy/security/freedom. They’re just annoyances.

Windows Software Sources

The Windows Store exists.

Freedom Software Superiority

Already covered.

There are some other things that I think should be removed but I’m not sure I can edit a pending edit.

and there is a secret “NSA key” [archive] in Windows, whose functions are unknown.

This was just a key named “NSAKEY” and was never proven to be malicious. If the NSA wanted a backdoor in Windows do you really think they’d be foolish enough to stick their name in plain sight?

The smartscreen filter [archive] also reports what software is running on the computer.

Dead link.

The “privacy” policy in Windows 10 explicitly authorizes Microsoft to look at user files at any time and to sell almost any information [archive] it collates.

Not what it says.

I covered this above but it was repeated in the surveillance section.

Ok. Still worth mentioning that capability. Could even be considered a feature. Debian / Whonix in theory has the same chance. In theory package upgrade could introduce software/scripts which auto removes known malware, but then again, user has to opt-in for that by starting to upgrade.

Quoted from article:

But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key — which can be used to unlock your encrypted disk — to Microsoft’s servers, probably without your knowledge and without an option to opt out.

“When a device goes into recovery mode, and the user doesn’t have access to the recovery key, the data on the drive will become permanently inaccessible. Based on the possibility of this outcome and a broad survey of customer feedback we chose to automatically backup the user recovery key,” a Microsoft spokesperson told me. “The recovery key requires physical access to the user device and is not useful without it.”

Ok.

Therefore Later Windows versions [only allow programs from the Windows Store](https://www.theguardian.com/technology/2017/may/03/windows-10-s-microsoft-faster-pc-comparison) [[archive]](https://web.archive.org/web/https://www.theguardian.com/technology/2017/may/03/windows-10-s-microsoft-faster-pc-comparison) to be downloaded and installed. is invalid indeed.

Since this is opt-in it’s actually an advantage. Please keep / reword.

Similar idea in Linux world is walled garden, firewall whitelisting, application whitelisting, sudo lockdown, superuser mode, protected mode

Here is a better report:
Germany warns: You just CAN'T TRUST some Windows 8 PCs • The Register

The original source:
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2013/Windows_TPM_Pl_21082013.html

I see the point. The issue again is the wording. It is important to mention dropping support for Windows versions older than Windows 10. This is because when people learn about “Windows 10 privacy issue” their immediate reaction isn’t “drop Windows, switch to Linux” but instead “stick with Windows 7” or “go back to Windows XP”. That is not advisable due to dropped security support, and this needs to be mentioned. Please keep and reword.

Please keep and reword. These are useful to show the advantages of most Linux distributions which usually do not contain advertisements and nag screens.

Major applications still aren’t available, such as Firefox, GnuPG, LibreOffice, any portable apps.

Can be rewritten but chapter Freedom Software Superiority still mostly applies.

Writing https://www.whonix.org/w/index.php?title=Whonix_Stable_Release&curid=6553&diff=56767&oldid=56484 seems like major effort. Partially due to converting from Markdown markup (Discourse forums) to MediaWiki markup. Hopefully not done by hand, to save some effort. Are you already aware of pandoc? @torjunkie

In short: it can convert markdown syntax to mediawiki markup (and more). And it’s “90%” valid markup.

1 Like

The section isn’t meant to be about useful Windows features.

Logging into a Windows 10 account is optional and I doubt most users do.

I don’t see why it should be kept. Again, that section is about Windows’ surveillance/freedom restrictions, not its advantages. Advantages are mentioned above in the overview section.

There was no mention of a backdoor in the original source and if you read the source, you’d see it’s actually a freedom issue and not a security issue.

And from my experience, the BSI generally isn’t reliable and claims some blatantly untrue things.

I don’t see the need to keep those. We should instead add something like “Going back to older Windows versions introduces new security issues and lacks support”.

The page isn’t about Linux nagging the user less.

It’s not Microsoft’s fault that people don’t submit their apps to the store.

It doesn’t. The majority of it is just “free software is super secure” which isn’t true.